EP3707739B1 - Method and apparatus for authenticating and detecting circuit breaker integrity - Google Patents
- Publication number: EP3707739B1 (EP18808222.6A)
- Authority: EP (European Patent Office)
- Prior art keywords: state, rfid tag, display, circuit breaker, authentication data
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H01H9/161—Indicators for switching condition, e.g. "on" or "off" comprising light emitting elements
- H01H9/181—Distinguishing marks on switches, e.g. for indicating switch location in the dark; Adaptation of switches to receive distinguishing marks using a programmable display, e.g. LED or LCD
- H02H1/0061—Details of emergency protective circuit arrangements concerning transmission of signals
- H02H3/04—Details with warning or supervision in addition to disconnection, e.g. for indicating that protective apparatus has functioned
- H01H2071/7472—Means for adjusting the conditions under which the device will function to provide protection with antitamper means for avoiding unauthorised setting
- H01H2219/036—Light emitting elements
- H01H2239/032—Anti-tamper
- H01H2300/032—Application domotique, e.g. for house automation, bus connected switches, sensors, loads or intelligent wiring using RFID technology in switching devices
- Y02B90/20—Smart grids as enabling technology in buildings sector
- Y04S20/14—Protecting elements, switches, relays or circuit breakers
Definitions
- This disclosure is related to a method and system for authenticating and detecting the integrity of an electrical equipment, and in particular to whether or not a circuit breaker has been subject to unauthorized tampering.
- Circuit breakers are designed to provide protection for power distribution systems. Circuit breakers safeguard connected electrical devices and conductors against current overloads and short circuits, thereby protecting people and equipment in the field.
- A circuit breaker includes a housing assembly that encloses elements of a conductor assembly, an operating mechanism, a trip unit, as well as other elements. The enclosed elements must be made and maintained according to the manufacturer's specifications. Circuit breakers, or specific elements thereof such as, but not limited to, the trip units, which are purchased from unauthorized online resellers and unauthorized local dealers, are often of unknown condition and origin.
- A circuit breaker that is advertised as "new" may be a counterfeit, or it may contain counterfeit circuit breaker elements. It may be reconditioned, or it may have been tampered with. Such circuit breakers/elements expose users to substantial safety risks and liability, as well as potential lost production revenues.
- Circuit breakers and circuit breaker elements are hard to spot.
- Ordinary users may not have sufficient technical knowledge and experience to detect or identify any unauthorized product or improper reconditioning/tampering.
- A problem with known circuit breakers is that they do not include a device for detecting the authenticity of circuit breakers, i.e., whether a circuit breaker is made by the original manufacturer or the circuit breaker has been tampered with or improperly reconditioned. The same issues exist for other electrical equipment.
- WO 2012 042 364 A1 relates to an interface for a self powered protection relay that uses mechanical switches for its configuration.
- The protection relay comprises a base relay for measurement of line current and generation of a trip signal, and a Human Machine Interface (HMI) unit for specifying, by a user, a base setting of an operating parameter of the protection relay.
- The base relay is self-powered from the line and the HMI unit is provided with an auxiliary power supply.
- The protection relay is configured with mechanical switches provided in the protection relay.
- The HMI unit in the protection relay is designed to detect and alert the user of the relay of any change in the base setting carried out with one or more mechanical switches provided in the relay in powered and unpowered conditions of the base relay.
- EP 3 041 013 A1 relates to RFID tag based state monitoring of contactors.
- The circuit breaker apparatus inter alia includes a housing, a circuit disposed in the housing, a display attached to an outside surface of the housing, a controller, and a power control device electrically coupled to the display and the controller.
- The housing may include multiple sections, such as a base and a cover.
- The circuit connects a power line to a load via conductors and provides circuit protection for the conductors and the load.
- The power control device may provide power to the controller when the apparatus is being tampered with. When the controller is powered, it may cause the power control device to cause the display to change from a first state to a second state, where the first state indicates that the apparatus is authenticated and the second state indicates that the apparatus has been tampered with.
- The first state may include a state in which a message indicative of no tampering is displayed, or a two-dimensional (2D) barcode containing product information is displayed.
- The second state of the display may include a state in which: a message displayed in the first state is erased; a blank screen is displayed; or a message indicating that the apparatus has been tampered with is displayed.
- The display may be an electronically-alterable display that does not require power in situations other than changing its state. Either the first state or the second state may stay in that state when the display has no power.
- The power control device may include an energy storage device, such as a capacitor, which becomes sufficiently charged to power the controller when the apparatus is being tampered with.
- The circuit breaker may include a battery and a switch, where the switch is configured to connect the battery to the energy storage device when the apparatus is being tampered with.
- The circuit breaker may also include a power harvester disposed inside the apparatus and configured to charge the energy storage device when the apparatus is being tampered with. The power harvester may charge the energy storage device when the housing is opened between any two sections of the housing.
- The circuit breaker apparatus includes a first RFID tag attached to the apparatus, the first RFID tag containing authentication data therein.
- The controller of the circuit breaker apparatus initializes the display to the first state by: retrieving the authentication data from the first RFID tag; retrieving a key stored external to the apparatus; using the key to determine whether the authentication data retrieved from the first RFID tag is valid; and upon determining that the authentication data retrieved from the first RFID tag is valid, causing the power control device to initialize the display to the first state.
- The controller may determine whether the apparatus has been tampered with before causing the power control device to cause the display to change from the first state to the second state.
- The step of such determination may include: retrieving the authentication data from the first RFID tag; retrieving the key stored external to the apparatus; using the key to determine whether the authentication data retrieved from the first RFID tag is valid; and upon determining that the authentication data retrieved from the first RFID tag is invalid, determining that the apparatus has been tampered with.
- The circuit breaker apparatus may also include a second RFID tag containing authentication data therein and attached to the apparatus.
- The controller may initialize the display to the first state by additionally: retrieving the authentication data from the second RFID tag; using the key to determine whether the authentication data retrieved from the second RFID tag is valid; and upon determining that both the authentication data retrieved from the first RFID tag is valid and the authentication data retrieved from the second RFID tag is valid, causing the display to initialize to the first state.
- The first RFID tag may be attached to the cover of the housing, and the second RFID tag may be attached to the base of the housing.
- Either the first RFID tag or the second RFID tag may be an active RFID chip, and the power control device may power the first and/or second RFID tag when the apparatus is being tampered with.
- A method for detecting integrity of a circuit breaker includes: by a power control device of the circuit breaker, providing power to a controller of the circuit breaker when the circuit breaker is being tampered with; by the controller of the circuit breaker, when powered, causing the power control device to cause a display attached to an outside surface of the circuit breaker to change from a first state to a second state.
- The first state indicates that the circuit breaker is authenticated and the second state indicates that the circuit breaker has been tampered with.
- The method includes: by the controller, initializing the display to the first state by: retrieving authentication data from a first RFID tag attached to the circuit breaker; retrieving a key stored external to the circuit breaker; using the key to determine whether the authentication data retrieved from the first RFID tag is valid; and upon determining that the authentication data retrieved from the first RFID tag is valid, causing the power control device to initialize the display to the first state.
- The method may also include: by the controller, determining whether the circuit breaker has been tampered with before causing the power control device to cause the display to change from the first state to the second state.
- The determination of whether the circuit breaker has been tampered with may include: retrieving the authentication data from the first RFID tag; retrieving the key stored external to the circuit breaker; using the key to determine whether the authentication data retrieved from the first RFID tag is valid; and upon determining that the authentication data retrieved from the first RFID tag is invalid, determining that the circuit breaker has been tampered with.
- The method may further include: by the controller, initializing the display to the first state.
- The step of initializing the display to the first state may additionally include: retrieving authentication data from a second RFID tag attached to the circuit breaker; using the key to determine whether the authentication data retrieved from the second RFID tag is valid; and, upon determining that both the authentication data retrieved from the first RFID tag is valid and the authentication data retrieved from the second RFID tag is valid, causing the display to initialize to the first state.
- The terms "controller" and "controller device" mean an electronic device or system of devices configured to command or otherwise manage the operation of one or more other devices.
- A controller will typically include a processing device, and it will also include or have access to a memory device that contains programming instructions configured to cause the controller's processor to manage operation of the connected device or devices.
- The terms "memory" and "memory device" each refer to a non-transitory device on which computer-readable data, programming instructions or both are stored. Except where specifically stated otherwise, the terms "memory" and "memory device" are intended to include single-device embodiments, embodiments in which multiple memory devices together or collectively store a set of data or instructions, as well as one or more individual sectors within such devices.
- The terms "processor" and "processing device" refer to a hardware component of an electronic device (such as a controller) that is configured to execute programming instructions. Except where specifically stated otherwise, the singular term "processor" or "processing device" is intended to include both single processing device embodiments and embodiments in which multiple processing devices together or collectively perform a process.
- The term "message" in this document refers to any text or graphics that may be output on a display and visible to a user.
- The message may be plain English text, or the message may also be a symbol, a logo, or a two-dimensional (2D) barcode, such as a matrix code or QR code.
- The 2D barcode may contain data, such as product information.
- The term "tampering" as used for tampering with a circuit breaker refers to making unauthorized alterations to the circuit breaker, where such alterations may cause one or more parts of the circuit breaker to become loose or have non-manufacturer authorized parts installed.
- The alteration may include various types of actions done to the breaker.
- The alteration may include opening the circuit breaker's housing so that at least two sections of the housing come apart.
- The alteration may also include peeling the warranty seal of the breaker.
- The alteration may also include an incidental impact to the breaker beyond normal use, such as dropping the breaker to the ground or causing the breaker cover and base to separate.
- FIG. 1 illustrates an example of a circuit breaker 100, which includes a housing 110.
- The housing includes multiple sections, such as a first section 112 and a second section 114, that together form a sealed enclosure.
- Each of the first or second section 112, 114 of the housing 110 may be the cover and the base of the housing, respectively.
- Housing 110 may enclose therein a circuit which is configured to connect a power line to a load via conductors, and to provide circuit protection for the conductors and the load.
- Conductors may include busbars, conductive traces, wiring, cables or other conductive materials.
- The circuit includes a number of elements which directly affect the operation of the circuit breaker. These elements of the circuit breaker may include, for example, a set of contacts, an operating mechanism, a trip unit, an auxiliary switch, an under voltage relay, a bell alarm switch (not shown) or a combination thereof.
- The circuit breaker 100 may also include a display 116 attached to an outside surface of the housing.
- The display 116 may be attached to the cover 112 or the base 114 of the housing so that it is viewable to the user.
- The display 116 may have two states: an initial state and a second state.
- The initial state may indicate that the circuit breaker is authenticated and has not been tampered with.
- The display may output a genuine logo "UL Certified" 118 to indicate authenticity to the user.
- The display may alternatively output a message, such as "This unit is certified."
- The initial state of the display may be set by the manufacturer. In a non-limiting example, when the circuit breaker is in the factory sealed state and has not been tampered with, the display is in the initial state indicating no tampering, such as outputting a genuine logo.
- The second state of the display 116 may indicate that the circuit breaker has been tampered with.
- The second (tampering) state may include outputting a message indicating that the apparatus has been tampered with, such as a text message "This unit is void."
- The second (tampering) state may also include erasing the content of the display in the initial state, for example, the genuine logo "UL Certified" disappears from the display.
- The second (tampering) state may also include showing a blank screen on the display.
- The circuit breaker may include components that are configured to respond to a tampering event with the circuit breaker by causing the display to change from the initial state to the second (tampering) state.
- The circuit breaker may include a controller 204 disposed inside the housing (110 in FIG. 1).
- The circuit breaker may also include a power control device 202 electrically coupled (e.g., via direct or indirect connection) to the controller 204 and to the display 216 to provide power to the controller and control the display in response to a situation where the apparatus is being tampered with.
- The display is an ultra-low power display unit.
- The display may be an electronically-alterable display that does not require power in situations other than changing its state.
- The state of the display may be alterable through the application of external power without requiring any circuitry in the display itself. In other words, the display may stay in the last state without any circuitry or power.
- U.S. Patent No. 7,284,708 discloses an electronically-alterable display that includes bichromal materials which may change orientation in response to an external field, where the orientation of the bichromal material may determine a state of the display, such as an image or value.
- A charge may be applied to certain areas of the display, for example, an area forming a letter "O," and accordingly the corresponding bichromal material in the display may form the letter "O."
- The ultra-low power display unit may be made of an electronic paper display (EPD).
- An EPD is a display device that only requires power to change the displayed image, and does not require power to maintain the image once displayed. EPDs may rely on electrophoresis to move, turn or otherwise rearrange conductive particles that form the displayed image in response to a selectively applied charge. A message displayed in the EPD can still stay visible when there is no power to the display. As such, the genuine logo on the circuit breaker will still remain visible during normal circuit breaker operation and even when there is a total loss of electrical power.
- Example manufacturers of EPDs include E Ink, Liquivista, and Plastic Logic.
- When the display is in the initial state, such as when the circuit breaker is released from the factory, the power control device 202 does not direct the power to the controller 204 and the display 216, and in that state the content on the display cannot be altered.
- The circuit breaker may be configured to provide power to the controller 204 to allow the display to change from the initial state to the second (tampering) state in response to an occurrence of a tampering event with the circuit breaker.
- The power may be provided by a battery 214 connected to a switch 212.
- The switch 212 may be configured to connect the battery 214 to the power control device 202 when the circuit breaker is being tampered with.
- The switch 212 may be a mechanical switch and attached to the housing of the circuit breaker. The contact points of the switch may be positioned to be open when the housing is closed and to close when the housing is opened between at least two sections of the housing.
- The switch 212 may be a magnetic sensor switch such as a reed relay that has two parts. The first part may have a set of contacts therein and may be attached to one section of the housing, such as the cover.
- The second part of the switch may have a magnet that may be positioned in proximity to the first part of the switch.
- The second part of the switch may be attached to another section of the housing, such as the base, and aligned with the first part.
- When the housing is closed, the second part will stay within a proximity to the first part, and the contacts in the first part will stay open.
- When the housing is opened between the cover and the base, the displacement between the cover and the base of the housing will cause the second part of the switch to be displaced from the first part, which displacement will cause the contacts in the first part to close. In such a case, the switch will connect the battery 214 to the power control device 202.
- The power required to power the power control device 202 may be provided by a power harvester 210 that is connected to the power control device 202 and is configured to generate power when the circuit breaker is being tampered with.
- The power harvester 124 may be disposed inside the housing 110.
- The power harvester 124 may have a coil and a magnet that are disposed inside the housing and that are magnetically couplable to each other.
- Each of the coil and magnet may be attached to a part of the housing.
- The coil may be attached to the cover of the housing, and the magnet may be attached to the base of the housing.
- When the housing is closed, the coil and the magnet may be coupled.
- The magnet may be positioned inside the coil.
- When the housing is opened, the magnet may be moved relative to the coil. For example, the magnet may be moved out of the coil. Such motion may generate electrical current inside the coil, which will cause the power harvester to generate power.
- The power control device also includes an energy storage device 208, for example, a capacitor, that becomes sufficiently charged by either the battery 214 or the power harvester 210 to power the controller 204 when the apparatus is being tampered with.
- When the circuit breaker is being tampered with, the controller 204 will transition from a state of no power to a state of power.
- The controller 204 may be configured to cause the display to change its state when the controller is powered up. For example, when controller 204 is powered up (by the power control device), it may automatically transmit a signal to cause the power control device 202 to cause the display 216 to enter into a tampering state indicating that the circuit breaker has been tampered with. For example, the display may output a message indicating that the circuit breaker has been tampered with.
- The controller 204 may be configured to cause the power control device 202 to erase the message displayed in the initial state.
- Once the display is transitioned to the tampering state, it cannot change back to the initial state unless the display is reset. In such a way, via the state of the display, the user may recognize that the circuit breaker has been tampered with and is not genuine.
- The controller 204 is configured to use authentication data, which is stored in one or more RFID tags (i.e. RFID chips) 220, 222 attached to the circuit breaker housing.
- The controller 204 may be in communication with the one or more RFID tags 220, 222 in any suitable wireless communication, e.g., near field communication (NFC).
- The controller 204 is further configured to read or cause an RFID reading device to retrieve authentication data off of the one or more RFID tags 220, 222, via the antennas 224, 226 of each RFID tag, and validate the authentication data.
- The controller may also retrieve a key, such as a factory or vendor key, and use the key to determine whether the authentication data retrieved from the RFID tag is valid.
- The factory or vendor key is stored at a factory or vendor site and is not contained anywhere in the circuit breaker. In such a way, the display cannot be initialized or reset unless it is done at the factory site. The authentication process is further described in detail below.
- Each RFID tag may store an RFID message, which may be in any format, for example, the Near Field Communication (NFC) Data Exchange Format, referred to as NDEF.
- Each RFID message may include a signature record and a data record.
- The RFID message may follow the NFC Forum Signature Record Type Definition (RTD) security protocol, in which the message is a signed NDEF message and contains a data record and a signature record. The length of the data record and signature record can be pre-defined.
- Each RFID tag may also contain a digital certificate that will be used for the authentication process.
- The data record may be a message payload and may be of various lengths.
- The data record may have a length in the range of a few bytes to a few hundred bytes.
- The data record may be in plain-text format and include a text message, such as "Genuine Circuit Breaker."
- The data record may also include other information, such as the circuit breaker style number, a date of manufacture code, a quality process control code, or the serial number of the circuit breaker.
- A system may obtain the signature record by applying a hash function, such as SHA-2 (Secure Hash Algorithm 2), to the data record to produce an intermediate message digest.
- The message digest can be of various lengths, such as 256 or 512 bits in length.
- The system may further encrypt, also known as sign, the message digest with a secret factory or vendor key to determine the signature record.
- The signature record can be of various lengths, such as in a range from ten to a few hundred bytes.
- The signature record may appear as a random alphanumeric code.
- The controller may use the signature record to verify that the data record is not corrupted and authenticate that the data record is created by the party who holds the factory or vendor key.
- An example of an authentication process performed by the controller may include: reading a message from an RFID tag (301); reading a digital certificate from the RFID tag (302); extracting a public key from the digital certificate (303); extracting a signature record and data record from the message (304); verifying the signature record by applying the public key to the data record (305); and authenticating the digital certificate against a root key (306). If the signature record is verified to be valid and the digital certificate is also authenticated, the controller may determine that the circuit breaker is genuine and authenticated. The controller then may send a signal to the power control device to cause the display to initialize (or reset) to the initial state. If either the signature record or the digital certificate is invalid, the controller may determine that the circuit breaker has been tampered with and send a signal to the power control device to cause the display to change to the tampering state, such as erasing the message on the display.
- In response to an occurrence of tampering, such as when the housing is open, the controller may be configured to perform the authentication process in FIG. 3 to determine whether the circuit breaker has been tampered with before causing the power control device to cause the display to erase the message on the display (i.e., changing to the tampering state).
- The controller may repeat the authentication process in FIG. 3 a number of times. If the authentication process still fails after the number of tries, i.e., no valid signed NDEF message or digital certificate can be obtained from the RFID tags, then the controller may determine that the circuit breaker has been tampered with.
- The controller may subsequently issue a command to the power control module to apply an erase voltage to the display to erase any genuine logo previously displayed.
- The controller may also cause the display to output a message indicating that the circuit breaker has been tampered with. If the controller successfully completes the authentication process in FIG. 3, then the controller may stand by and not issue any command to the power control device to cause the display to change state. In other words, the display continues to display the genuine logo that is displayed.
- The controller may be in communication with multiple RFID tags (e.g., 220 and 222 in FIG. 2).
- The controller may be configured to repeat the authentication process for each of the RFID tags.
- The controller determines that the circuit breaker is genuine and the display continues to display the genuine logo. If the authentication process fails for any of the RFID tags, then the controller may determine that the circuit breaker has been tampered with and subsequently issue a command to the power control device to cause the display to change to the tampering state.
- The controller 204 may use a public key infrastructure (PKI).
- A public key may be stored in each of the RFID tags, and the private key is the root key that is stored at the factory site. The root key is not stored in the circuit breaker.
- the controller may be configured to retrieve the root key from a source external to the circuit breaker via a memory interface (126 in FIG. 1 ) of the circuit breaker.
- the root key may be stored in an external memory, and the memory interface, may be configured to communicate, wired or wirelessly, with the external memory to be able to retrieve the root key.
- the root key is stored in a non-volatile memory in a root RFID tag. This installation may occur before the circuit breaker is shipped from the manufacturer to distributors or others, such as at the factory site.
- the root RFID tag may be physically stored and held by the manufacturer or a representative of the manufacturer, such as at the factory site, and is not distributed with the product.
- the memory interface ( 126 in FIG. 1 ) may be a RFID reader that is configured to communicate with a RFID tag to be able to read data stored in the memory of the RFID tag.
- any modification of a circuit breaker would require the presence of this root RFID tag in close proximity to the circuit breaker.
- the controller may determine that the circuit breaker has been tampered with by an unauthorized party, and subsequently issue a command to the power control device to cause the display to change to the tampering state. As such, someone who has tampered with the circuit breaker, which causes the display to change to the tampering state, cannot reset the display to its initial display because no root key is available.
- the one or more RFID tags may each be attached to a part of the circuit breaker to provide authenticity.
- a first RFID tag 120 may be attached to the cover 112 of the housing and the second RFID tag 122 may be attached to the base 114 of the housing.
- a RFID tag may be attached to a critical component of the circuit breaker, so that when that critical component is replaced by an after-market part, no correct RFID tag will be read and the authentication will fail.
- the RFID tag can be passive or active. If the RFID tag is active, the power control device ( 202 in FIG. 2 ) may be configured to further power the RFID tag in response to detecting that the circuit breaker has been tampered with.
- the low-power display such as the electronic paper
- the low-power display can maintain the message on the display when there is no electrical power and would need only a little power to change the display.
- This small amount of power can be generated by a movement associated with the opening of the housing, via a power harvester.
- the present solution uses an authentication process to initialize the display to a no tampering state or authenticate before changing the display to a tampering state in response to detecting that the circuit breaker has been tampered with.
- This authentication process requires readings of authentication data from RFID tags and a key that is only accessible to a factory. This effectively prevents anyone from initializing the display after tampering with the circuit breaker.
- the housing may have more than two parts: a cover, a base and a middle part.
- the display may be attached to any part of the housing.
- the power harvester may be of other types.
- Various features may also be used to authenticate and detect integrity of other types of apparatus or equipment as may be appreciated by those skilled in the art.
- the above illustrated features may be used to authenticate or detect integrity of appliances so that a display that is attached to an outside surface of an appliance's cover may change from a first (initial) state to a second (tampering) state when the appliance has been tampered with.
Landscapes
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Remote Monitoring And Control Of Power-Distribution Networks (AREA)
Description
- This disclosure is related to a method and system for authenticating and detecting the integrity of electrical equipment, and in particular to whether or not a circuit breaker has been subject to unauthorized tampering.
- Circuit breakers (as well as switchgear and other electrical circuit control equipment, hereinafter and collectively "circuit breakers") are designed to provide protection for power distribution systems. Circuit breakers safeguard connected electrical devices and conductors against current overloads and short circuits, thereby protecting people and equipment in the field. A circuit breaker includes a housing assembly that encloses elements of a conductor assembly, an operating mechanism, a trip unit, as well as other elements. The enclosed elements must be made and maintained according to the manufacturer's specifications. Circuit breakers, or specific elements thereof such as, but not limited to, the trip units, which are purchased from unauthorized online resellers and unauthorized local dealers, are often of unknown condition and origin. For example, a circuit breaker that is advertised as "new" may be a counterfeit, or it may contain counterfeit circuit breaker elements. It may be reconditioned, or it may have been tampered with. Such circuit breakers/elements expose users to substantial safety risks and liability, as well as potential lost production revenues.
- From an ordinary user's perspective, improperly reconditioned or counterfeit circuit breakers and circuit breaker elements are hard to spot. Ordinary users may not have sufficient technical knowledge and experience to detect or identify any unauthorized product or improper reconditioning/tampering. A problem with known circuit breakers is that they do not include a device for detecting authenticity of circuit breakers, i.e., whether a circuit breaker is made by the original manufacturer or the circuit breaker has been tampered with or improperly reconditioned. The same issues exist for other electrical equipment.
- This disclosure describes systems that address at least some of the technical issues discussed above, and/or other issues. Attention is drawn to WO 2012 042 364 A1, which relates to an interface for a self-powered protection relay that uses mechanical switches for its configuration. The protection relay comprises a base relay for measurement of line current and generation of a trip signal, and a Human Machine Interface (HMI) unit for specifying, by a user, a base setting of an operating parameter of the protection relay. The base relay is self-powered from the line and the HMI unit is provided with an auxiliary power supply. The protection relay is configured with mechanical switches provided in the protection relay. The HMI unit in the protection relay is designed to detect and alert the user of the relay of any change in the base setting carried out with one or more mechanical switches provided in the relay in powered and unpowered conditions of the base relay. Furthermore, EP 3 041 013 A1 relates to RFID tag based state monitoring of contactors.
- In accordance with the present invention, a circuit breaker apparatus and a method as set forth in claims 1 and 15 are provided. Further embodiments are inter alia disclosed in the dependent claims. The circuit breaker apparatus inter alia includes a housing, a circuit disposed in the housing, a display attached to an outside surface of the housing, a controller, and a power control device electrically coupled to the display and the controller. The housing may include multiple sections, such as a base and a cover. The circuit connects a power line to a load via conductors and provides circuit protection for the conductors and the load. The power control device may provide power to the controller when the apparatus is being tampered with. When the controller is powered, it may cause the power control device to cause the display to change from a first state to a second state, where the first state indicates that the apparatus is authenticated and the second state indicates that the apparatus has been tampered with.
- In some scenarios, the first state may include a state in which a message indicative of no tampering is displayed, or a two-dimensional (2D) barcode containing product information is displayed. The second state of the display may include a state in which: a message displayed in the first state is erased; a blank screen is displayed; or a message indicating that the apparatus has been tampered with is displayed. The display may be an electronically-alterable display that does not require power in situations other than changing its state. Either the first state or the second state may stay in that state when the display has no power.
- In some scenarios, the power control device may include an energy storage device, such as a capacitor, which becomes sufficiently charged to power the controller when the apparatus is being tampered with. The circuit breaker may include a battery and a switch, where the switch is configured to connect the battery to the energy storage device when the apparatus is being tampered with. The circuit breaker may also include a power harvester disposed inside the apparatus and configured to charge the energy storage device when the apparatus is being tampered with. The power harvester may charge the energy storage device when the housing is opened between any two sections of the housing.
- The circuit breaker apparatus includes a first RFID tag attached to the apparatus, the first RFID tag containing authentication data therein. The controller of the circuit breaker apparatus initializes the display to the first state by: retrieving the authentication data from the first RFID tag; retrieving a key stored external to the apparatus; using the key to determine whether the authentication data retrieved from the first RFID tag is valid; and upon determining that the authentication data retrieved from the first RFID tag is valid, causing the power control device to initialize the display to the first state.
- In some scenarios, the controller may determine whether the apparatus has been tampered with before causing the power control device to cause the display to change from the first state to the second state. The step of such determination may include: retrieving the authentication data from the first RFID tag; retrieving the key stored external to the apparatus; using the key to determine whether the authentication data retrieved from the first RFID tag is valid; and upon determining that the authentication data retrieved from the first RFID tag is invalid, determining that the apparatus has been tampered with.
- The circuit breaker apparatus may also include a second RFID tag containing authentication data therein and attached to the apparatus. The controller may initialize the display to the first state by additionally: retrieving the authentication data from the second RFID tag; using the key to determine whether the authentication data retrieved from the second RFID tag is valid; and upon determining that both the authentication data retrieved from the first RFID tag is valid and the authentication data retrieved from the second RFID tag is valid, causing the display to initialize to the first state. In some scenarios, the first RFID tag may be attached to the cover of the housing, and the second RFID tag may be attached to the base of the housing. In some scenarios, either the first RFID tag or the second RFID tag may be an active RFID chip, and the power control device may power the first and/or second RFID tag when the apparatus is being tampered with.
- Various methods for authenticating and detecting integrity of a circuit breaker may be implemented in the apparatus. A method for detecting integrity of a circuit breaker includes: by a power control device of the circuit breaker, providing power to a controller of the circuit breaker when the circuit breaker is being tampered with; by the controller of the circuit breaker, when powered, causing the power control device to cause a display attached to an outside surface of the circuit breaker to change from a first state to a second state. The first state indicates that the circuit breaker is authenticated and the second state indicates that the circuit breaker has been tampered with.
- The method includes: by the controller, initializing the display to the first state by: retrieving authentication data from a first RFID tag attached to the circuit breaker; retrieving a key stored external to the circuit breaker; using the key to determine whether the authentication data retrieved from the first RFID tag is valid; and upon determining that the authentication data retrieved from the first RFID tag is valid, causing the power control device to initialize the display to the first state.
- The method may also include: by the controller, determining whether the circuit breaker has been tampered with before causing the power control device to cause the display to change from the first state to the second state. The determination of whether the circuit breaker has been tampered may include: retrieving the authentication data from the first RFID tag; retrieving the key stored external to the circuit breaker; using the key to determine whether the authentication data retrieved from the first RFID tag is valid; and upon determining that the authentication data retrieved from the first RFID tag is invalid, determining that the circuit breaker has been tampered with.
- The method may further include: by the controller, initializing the display to the first state. The step of initializing the display to the first state may additionally include: retrieving authentication data from a second RFID tag attached to the circuit breaker; using the key to determine whether the authentication data retrieved from the second RFID tag is valid; and, upon determining that both the authentication data retrieved from the first RFID tag is valid and the authentication data retrieved from the second RFID tag is valid, causing the display to initialize to the first state.
- FIG. 1 is a schematic, isometric view of an example of a circuit breaker with tampering detection and authentication.
- FIG. 2 illustrates some components of the circuit breaker in FIG. 1.
- FIG. 3 illustrates an example of an authentication process by a controller of the circuit breaker in FIG. 1.
- In this document, the terms "controller" and "controller device" mean an electronic device or system of devices configured to command or otherwise manage the operation of one or more other devices. A controller will typically include a processing device, and it will also include or have access to a memory device that contains programming instructions configured to cause the controller's processor to manage operation of the connected device or devices.
- In this document, the terms "memory" and "memory device" each refer to a non-transitory device on which computer-readable data, programming instructions or both are stored. Except where specifically stated otherwise, the terms "memory" and "memory device" are intended to include single-device embodiments, embodiments in which multiple memory devices together or collectively store a set of data or instructions, as well as one or more individual sectors within such devices.
- In this document, the terms "processor" and "processing device" refer to a hardware component of an electronic device (such as a controller) that is configured to execute programming instructions. Except where specifically stated otherwise, the singular term "processor" or "processing device" is intended to include both single processing device embodiments and embodiments in which multiple processing devices together or collectively perform a process.
- The term "message" in this document refers to any text or graphics that may be output on a display and visible to a user. For example, the message may be plain English text, or the message may also be a symbol, a logo, or a two-dimensional (2D) barcode, such as a matrix code or QR code. The 2D barcode may contain data, such as product information.
- The term "tampering" as used for tampering with a circuit breaker refers to making unauthorized alterations to the circuit breaker, where such alterations may cause one or more parts of the circuit breaker to become loose or have non-manufacturer authorized parts installed. The alteration may include various types of actions done to the breaker. For example, the alteration may include opening the circuit breaker's housing so that at least two sections of the housing become apart. The alteration may also include peeling the warranty seal of the breaker. The alteration may also include an incidental impact to the breaker beyond normal use, such as dropping the breaker to the ground or causing the breaker cover and base to separate.
- FIG. 1 illustrates an example of a circuit breaker 100, which includes a housing 110. The housing includes multiple sections, such as a first section 112 and a second section 114, that together form a sealed enclosure. Each of the first or second section housing 110 may be the cover and the base of the housing, respectively. Housing 110 may enclose therein a circuit which is configured to connect a power line to a load via conductors, and to provide circuit protection for the conductors and the load. Conductors may include busbars, conductive traces, wiring, cables or other conductive materials. The circuit includes a number of elements which directly affect the operation of the circuit breaker. These number of elements of the circuit breaker may include, for example, a set of contacts, an operating mechanism, a trip unit, an auxiliary switch, an under voltage relay, a bell alarm switch (not shown) or a combination thereof.
- The circuit breaker 100 may also include a display 116 attached to an outside surface of the housing. For example, the display 116 may be attached to the cover 112 or the base 114 of the housing so that it is viewable to the user. The display 116 may have two states: an initial state and a second state. The initial state may indicate that the circuit breaker is authenticated and has not been tampered with. For example, the display may output a genuine logo "UL Certified" 118 to indicate authenticity to the user. The display may alternatively output a message, such as "This unit is certified." The initial state of the display may be set by the manufacturer. In a non-limiting example, when the circuit breaker is in the factory sealed state and has not been tampered with, the display is in the initial state indicating no tampering, such as outputting a genuine logo.
- The second state of the display 116 may indicate that the circuit breaker has been tampered with. For example, the second (tampering) state may include outputting a message indicating that the apparatus has been tampered with, such as a text message "This unit is void." Alternatively, the second (tampering) state may also include erasing the content of the display in the initial state, for example, the genuine logo "UL Certified" disappears from the display. Alternatively, the second (tampering) state may also include showing a blank screen on the display.
- In some scenarios, the circuit breaker may include components that are configured to respond to a tampering event with the circuit breaker by causing the display to change from the initial state to the second (tampering) state. With reference to FIG. 2, in some scenarios, the circuit breaker may include a controller 204 disposed inside the housing (110 in FIG. 1). The circuit breaker may also include a power control device 202 electrically coupled (e.g., via direct or indirect connection) to the controller 204 and to the display 216 to provide power to the controller and control the display in response to a situation where the apparatus is being tampered with.
- In some scenarios, the display is an ultra-low power display unit. For example, the display may be an electronically-alterable display that does not require power in situations other than changing its state. The state of the display may be alterable through the application of an external power without requiring any circuitry in the display itself. In other words, the display may stay in the last state without any circuitry or power. For example, U.S. Patent No. 7,284,708 discloses an electronically-alterable display that includes bichromal materials which may change orientation in response to an external field, where the orientation of the bichromal material may determine a state of the display, such as an image or value. In a non-limiting example, a charge may be applied to certain areas of the display, for example, an area forming a letter "O," and accordingly the corresponding bichromal material in the display may form the letter "O."
- In another non-limiting example, the ultra-low power display unit may be made of the electronic paper display (EPD). An EPD is a display device that only requires power to change the displayed image, and does not require power to maintain the image once displayed. EPDs may rely on electrophoresis to move, turn or otherwise rearrange conductive particles that form the displayed image in response to a selectively applied charge. A message displayed in the EPD can still stay visible when there is no power to the display. As such, the genuine logo on the circuit breaker will still remain visible during normal circuit breaker operation and even when there is a total loss of electrical power. Example manufacturers of EPDs include E Ink, Liquivista, and Plastic Logic.
- In some scenarios, when the display is in the initial state, such as when the circuit breaker is released from the factory, the power control device 202 does not direct the power to the controller 204 and the display 216, and in that state the content on the display cannot be altered. In some scenarios, the circuit breaker may be configured to provide power to the controller 204 to allow the display to change from the initial state to the second (tampering) state in response to an occurrence of a tampering event with the circuit breaker. To change the display of the ultra-low power paper, there is only little external power required, and there can be various ways to obtain such power that will be described below.
- In some scenarios, the power may be provided by a battery 214 connected to a switch 212. The switch 212 may be configured to connect the battery 214 to the power control device 202 when the circuit breaker is being tampered with. In a non-limiting example, the switch 212 may be a mechanical switch and attached to the housing of the circuit breaker. The contact points of the switch may be positioned to be open when the housing is closed and close when the housing is opened between at least two sections of the housing. For example, the switch 212 may be a magnetic sensor switch such as a reed relay that has two parts. The first part may have a set of contacts therein and may be attached to one section of the housing, such as the cover. The second part of the switch may have a magnet that may be positioned in proximity to the first part of the switch. For example, the second part of the switch may be attached to another section of the housing, such as the base, and aligned with the first part. When the housing is closed, the second part will stay within a proximity to the first part, and the contacts in the first part will stay open. When the housing is opened between the cover and the base, the displacement between the cover and the base of the housing will cause the second part of the switch to be displaced from the first part, which displacement will cause the contacts in the first part to close. In such a case, the switch will connect the battery 214 to the power control device 202.
- Alternatively, and/or additionally, the power required to power the power control device 202 may be provided by a power harvester 210 that is connected to the power control device 202 and is configured to generate power when the circuit breaker is being tampered with.
- In a non-limiting example, as shown in FIG. 1, the power harvester 124 may be disposed inside the housing 110. The power harvester 124 may have a coil and a magnet that are disposed inside the housing and that are magnetically couplable to each other. Each of the coil and magnet may be attached to a part of the housing. For example, the coil may be attached to the cover of the housing, and the magnet may be attached to the base of the housing. When the housing is closed, the coil and the magnet may be coupled. For example, the magnet may be positioned inside the coil. When the housing is opened, the magnet may be moved relative to the coil. For example, the magnet may be moved out of the coil. Such motion may generate electrical current inside the coil, which will cause the power harvester to generate power.
- Returning to FIG. 2, in some scenarios, the power control device also includes an energy storage device 208, for example, a capacitor, that becomes sufficiently charged by either the battery 214 or the power harvester 210 to power the controller 204 when the apparatus is being tampered with.
- When the circuit breaker is being tampered with, the controller 204 will transition from a state of no power to a state of power. In some scenarios, the controller 204 may be configured to cause the display to change its state when the controller is powered up. For example, when controller 204 is powered up (by the power control device), it may automatically transmit a signal to cause the power control device 202 to cause the display 216 to enter into a tampering state indicating that the circuit breaker has been tampered with. For example, the display may output a message indicating that the circuit breaker has been tampered with. Alternatively, at power-up, the controller 204 may be configured to cause the power control device 202 to erase the message displayed in the initial state. Once the display is transitioned to the tampering state, it cannot change back to the initial state unless the display is reset. In such a way, via the state of the display, the user may recognize that the circuit breaker has been tampered with and is not genuine.
- In resetting (i.e. initializing) the display to the initial state, the controller 204 is configured to use authentication data, which is stored in one or more RFID tags (i.e. RFID chips) 220, 222 attached to the circuit breaker housing. In some scenarios, the controller 204 may be in communication with the one or more RFID tags controller 204 is further configured to read or cause a RFID reading device to retrieve authentication data off of the one or more RFID tags antennas
- Each RFID tag may store a RFID message, which may be in any format, for example, the Near Field Communication (NFC) Data Exchange Format, referred to as NDEF. Each RFID message may include a signature record and a data record. In some scenarios, the RFID message may be in the NFC forum signature record type definition (RTD) security protocol, in which the message is a signed NDEF message and contains a data record and a signature record. The length of data record and signature record can be pre-defined. Each RFID tag may also contain a digital certificate that will be used for the authentication process.
- In some scenarios, the data record may be a message payload and may be of various lengths. The data record may have a length in the range of a few bytes to a few hundred bytes. For example, the data record may be in plain-text format and include a text message, such as "Genuine Circuit Breaker." The data record may also include other information, such as the circuit breaker style number, a date of manufacture code, a quality process control code, or the serial number of the circuit breaker.
- In some scenarios, a system may obtain the signature record by applying a hash function, such as SHA-2 (Secure Hash Algorithm 2), to the data record to produce an intermediate message digest. The message digest can be of various lengths, such as 256 or 512 bits in length. The system may further encrypt, also known as sign, the message digest with a secret factory or vendor key to determine the signature record. In some scenarios, the signature record can be of various lengths, such as in a range from ten to a few hundred bytes. Optionally, the signature record may appear as a random alphanumeric code.
- The controller may use the signature record to verify that the data record is not corrupted and authenticate that the data record is created by the party who holds the factory or vendor key.
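An added sketch, not taken from the patent or from any product, of the signing step above and of the controller checks that FIG. 3 numbers 301 to 306, with fail-closed handling for retries, several tags and an absent root key. The key pairs built from Mersenne primes, the unpadded RSA, the simplified certificate (a public key plus a root signature over it), the sample data records, all function names, and the reading that the value fetched from the external root tag is the verification half of the root key are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537
INITIAL, TAMPERING = "initial", "tampering"


def demo_keypair(a, b):
    """Constructed RSA key pair from the Mersenne primes 2**a-1 and 2**b-1.
    The factors are public knowledge, so these keys are for demonstration only."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    # Hash the record, then apply the private exponent to the digest.
    # Unpadded RSA keeps the sketch stdlib-only (an assumption of this
    # example); a product would use RSASSA-PSS or ECDSA from a vetted library.
    n, d = priv
    return pow(_digest(data), d, n)


def verify(pub, data, sig):
    n, e = pub
    return isinstance(sig, int) and 0 < sig < n and pow(sig, e, n) == _digest(data)


def encode_pub(pub):
    return "{:x}:{:x}".format(*pub).encode()


@dataclass(frozen=True)
class Certificate:          # simplified stand-in for the tag's digital certificate
    public_key: tuple       # factory/vendor verification key (n, e)
    root_signature: int     # root key's signature over encode_pub(public_key)


@dataclass(frozen=True)
class TagContents:          # what the controller reads from one RFID tag
    data_record: bytes
    signature_record: int
    certificate: Certificate


def provision_tag(data_record, vendor_pub, vendor_priv, root_priv):
    """Factory side: sign the data record and certify the vendor key."""
    cert = Certificate(vendor_pub, sign(root_priv, encode_pub(vendor_pub)))
    return TagContents(data_record, sign(vendor_priv, data_record), cert)


def authenticate_tag(tag, root_pub):
    """Steps 301-306 for one tag; an unreadable tag or absent root key fails."""
    if tag is None or root_pub is None:
        return False
    vendor_pub = tag.certificate.public_key                             # 302, 303
    sig_ok = verify(vendor_pub, tag.data_record, tag.signature_record)  # 304, 305
    cert_ok = verify(root_pub, encode_pub(vendor_pub),
                     tag.certificate.root_signature)                    # 306
    return sig_ok and cert_ok


def decide_display_state(read_tags, read_root_key, tries=3):
    """INITIAL only if every tag authenticates within `tries` attempts."""
    for _ in range(tries):
        tags, root_pub = read_tags(), read_root_key()
        if tags and all(authenticate_tag(t, root_pub) for t in tags):
            return INITIAL
    return TAMPERING


def demo():
    root_pub, root_priv = demo_keypair(1279, 2203)
    vendor_pub, vendor_priv = demo_keypair(521, 607)
    rogue_pub, rogue_priv = demo_keypair(607, 1279)  # never certified by the root
    # Constructed data records for a cover tag and a base tag.
    cover = provision_tag(b"Genuine Circuit Breaker;part=cover",
                          vendor_pub, vendor_priv, root_priv)
    base = provision_tag(b"Genuine Circuit Breaker;part=base",
                         vendor_pub, vendor_priv, root_priv)
    altered = replace(base, data_record=b"Genuine Circuit Breaker;part=other")
    resigned = provision_tag(base.data_record, rogue_pub, rogue_priv, rogue_priv)
    flaky = iter([None, [cover, base]])  # first read fails, second succeeds
    root = lambda: root_pub
    return {
        "genuine": decide_display_state(lambda: [cover, base], root),
        "root_tag_absent": decide_display_state(lambda: [cover, base], lambda: None),
        "altered_record": decide_display_state(lambda: [cover, altered], root),
        "uncertified_key": decide_display_state(lambda: [cover, resigned], root),
        "tag_unreadable": decide_display_state(lambda: [cover, None], root),
        "retry_recovers": decide_display_state(lambda: next(flaky), root),
    }


if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case:16} -> {state}")
```

The "uncertified_key" case is the one a signature check alone would miss: the record verifies under the key carried on the tag, and only the certificate check against the root key rejects it.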
- In FIG. 3, an example of an authentication process performed by the controller may include: reading a message from a RFID tag 301; reading a digital certificate from the RFID tag 302; extracting a public key from the digital certificate 303; extracting a signature record and data record from the message 304; verifying the signature record by applying the public key to the data record 305; and authenticating the digital certificate against a root key 306. If the signature record is verified to be valid and the digital certificate is also authenticated, the controller may determine that the circuit breaker is genuine and authenticated. The controller then may send a signal to the power control device to cause the display to initialize (or reset) to the initial state. If either the signature record or the digital certificate is invalid, the controller may determine that the circuit breaker has been tampered with and send a signal to the power control device to cause the display to change to the tampering state such as erasing the message on the display.
- Alternatively, and/or additionally, in response to an occurrence of a tampering, such as when the housing is open, the controller may be configured to perform the authentication process in FIG. 3 to determine whether the circuit breaker has been tampered with before causing the power control device to cause the display to erase the message on the display (i.e., changing to the tampering state). Optionally, the controller may repeat the authentication process in FIG. 3 a number of times. If the authentication process still fails after the number of tries, i.e., no valid signed NDEF message or digital certificate can be obtained from the RFID tags, then the controller may determine that the circuit breaker has been tampered with. The controller may subsequently issue a command to the power control module to apply an erase voltage to the display to erase any genuine logo previously displayed. Alternatively, the controller may also cause the display to output a message indicating that the circuit breaker has been tampered with. If the controller successfully completes the authentication process in FIG. 3, then the controller may stand by and not issue any command to the power control device to cause the display to change state. In other words, the display continues to display the genuine logo that is displayed.
- Alternatively, and/or additionally, the controller may be in communication with multiple RFID tags (e.g., 220 and 222 in FIG. 2). The controller may be configured to repeat the authentication process for each of the RFID tags. When the authentication process for all of the RFID tags succeeds (i.e., all signed NDEF messages and digital certificates obtained from the RFID tags are valid), the controller determines that the circuit breaker is genuine and the display continues to display the genuine logo. If the authentication process fails for any of the RFID tags, then the controller may determine that the circuit breaker has been tampered with and subsequently issue a command to the power control device to cause the display to change to the tampering state.
- In verifying the authentication data and the key, in some scenarios, the controller 204 may use a public key infrastructure (PKI). For example, a public key may be stored in each of the RFID tags, and the private key is the root key that is stored at the factory site. The root key is not stored in the circuit breaker. In the authentication process in FIG. 3, the controller may be configured to retrieve the root key from a source external to the circuit breaker via a memory interface (126 in FIG. 1) of the circuit breaker. For example, the root key may be stored in an external memory, and the memory interface may be configured to communicate, wired or wirelessly, with the external memory to be able to retrieve the root key.
- In some scenarios, the root key is stored in a non-volatile memory in a root RFID tag. This installation may occur before the circuit breaker is shipped from the manufacturer to distributors or others, such as at the factory site. The root RFID tag may be physically stored and held by the manufacturer or a representative of the manufacturer, such as at the factory site, and is not distributed with the product. The memory interface (126 in FIG. 1) may be a RFID reader that is configured to communicate with a RFID tag to be able to read data stored in the memory of the RFID tag. Although the root RFID tag is not attached to any circuit breaker, any modification of a circuit breaker would require the presence of this root RFID tag in close proximity to the circuit breaker. If the root RFID tag is absent when the circuit breaker is being modified, the controller may determine that the circuit breaker has been tampered with by an unauthorized party, and subsequently issue a command to the power control device to cause the display to change to the tampering state. As such, someone who has tampered with the circuit breaker, which causes the display to change to the tampering state, cannot reset the display to its initial display because no root key is available.
- Returning to
FIG. 1 , the one or more RFID tags may each be attached to a part of the circuit breaker to provide authenticity. For example, afirst RFID tag 120 may be attached to thecover 112 of the housing and thesecond RFID tag 122 may be attached to thebase 114 of the housing. Alternatively, and/or additionally, a RFID tag may be attached to a critical component of the circuit breaker, so that when that critical component is replaced by an after-market part, no correct RFID tag will be read and the authentication will fail. The RFID tag can be passive or active. If the RFID tag is active, the power control device (202 inFIG. 2 ) may be configured to further power the RFID tag in response to detecting that the circuit breaker has been tampered with. - The above illustrated embodiments provide advantages over the existing systems. For example, the low-power display, such as the electronic paper, can maintain the message on the display when there is no electrical power and would need only a little power to change the display. This small amount of power can be generated by a movement associated with the opening of the housing, via a power harvester. Further, the present solution uses an authentication process to initialize the display to a no tampering state or authenticate before changing the display to a tampering state in response to detecting that the circuit breaker has been tampered with. This authentication process requires readings of authentication data from RFID tags and a key that is only accessible to a factory. This effectively prevents anyone from initializing the display after tampering with the circuit breaker.
- The features and functions described above, as well as alternatives, may be combined into many other different systems or applications as appreciated by one ordinarily skilled in the art. For example, the housing may have more than two parts: a cover, a base and a middle part. The display may be attached to any part of the housing. There can be any number of RFID tags attached to the circuit breaker. The power harvester may be of other types. Various features may also be used to authenticate and detect integrity of other types of apparatus or equipment as may be appreciated by those skilled in the art. For example, the above illustrated features may be used to authenticate or detect integrity of appliances so that a display that is attached to an outside surface of an appliance's cover may change from a first (initial) state to a second (tampering) state when the appliance has been tampered with.
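The FIG. 3 authentication process, together with the retry, multi-tag and external root key rules described above, can be traced in code. The following Python sketch is an added example and not part of the patent: all names, the tag contents and the toy RSA keys built from Mersenne primes (a stand-in for a real signature scheme, not secure) are constructed, and it assumes the certificate is checked with the public half of the root key pair read from outside the breaker.

```python
import hashlib
from dataclasses import dataclass

E = 65537                                    # public exponent for every toy key
FIRST_STATE = "first state: authenticated"
SECOND_STATE = "second state: tampered"

def make_key(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1. Constructed, NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public modulus n, private d)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(_digest(data, n), d, n)

def verify(data, sig, n):
    return 0 <= sig < n and pow(sig, E, n) == _digest(data, n)

def encode(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

@dataclass
class Certificate:
    public_n: int        # public key of the tag's signer
    issuer_sig: int      # signature over public_n made under the root key

@dataclass
class TagContents:
    data_record: bytes
    signature_record: int
    certificate: Certificate

def authenticate_tag(tag, root_n):
    """FIG. 3 steps 301-306 for one tag. True only when both checks pass."""
    if tag is None:                          # 301/302: nothing readable
        return False
    tag_n = tag.certificate.public_n         # 303: public key from certificate
    sig_ok = verify(tag.data_record, tag.signature_record, tag_n)        # 304-305
    cert_ok = verify(encode(tag_n), tag.certificate.issuer_sig, root_n)  # 306
    return sig_ok and cert_ok

def display_state(tag_readers, read_root_key, tries=3):
    """Repeat the whole process up to `tries` times; every tag must pass."""
    for _ in range(tries):
        root_n = read_root_key()             # key held outside the breaker
        if root_n is None:
            continue
        if all(authenticate_tag(read(), root_n) for read in tag_readers):
            return FIRST_STATE
    return SECOND_STATE

def run_scenarios():
    """Constructed cover and base tags, plus failure cases from the description."""
    root_n, root_d = make_key(521, 607)      # factory root key pair
    tag_n, tag_d = make_key(127, 1279)       # key that signs tag messages
    rogue_n, rogue_d = make_key(107, 2203)   # key never certified by the root

    def issue(data, n=tag_n, d=tag_d, ca_n=root_n, ca_d=root_d):
        cert = Certificate(n, sign(encode(n), ca_n, ca_d))
        return TagContents(data, sign(data, n, d), cert)

    cover = issue(b"part=cover;serial=EXAMPLE-0001")
    base = issue(b"part=base;serial=EXAMPLE-0001")
    # Data record changed after signing; signature and certificate reused.
    altered = TagContents(b"part=base;serial=EXAMPLE-9999",
                          base.signature_record, base.certificate)
    # Internally consistent tag whose certificate was not issued under the root.
    unrooted = issue(b"part=base;serial=EXAMPLE-0001",
                     rogue_n, rogue_d, rogue_n, rogue_d)

    reads = iter([None, cover])              # first read fails, second succeeds
    root = lambda: root_n
    return {
        "genuine": display_state([lambda: cover, lambda: base], root),
        "altered_data": display_state([lambda: cover, lambda: altered], root),
        "unrooted_cert": display_state([lambda: cover, lambda: unrooted], root),
        "root_absent": display_state([lambda: cover, lambda: base], lambda: None),
        "retry_then_ok": display_state([lambda: next(reads)], root),
    }

if __name__ == "__main__":
    for name, state in run_scenarios().items():
        print(f"{name:14} -> {state}")
```

The `unrooted_cert` case shows why step 306 matters: the signature record verifies under the tag's own certificate, and only the check against the root key rejects it.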
Claims (18)
- A circuit breaker apparatus (100) comprising: a housing (110); a circuit disposed in the housing (110) and configured to connect a power line to a load via one or more conductors and provide circuit protection for the one or more conductors and the load; a display (116) attached to an outside surface of the housing; a controller (204); a power control device (202) electrically coupled to the display (116) and the controller (204), and configured to provide power to the controller (204) when the apparatus is being tampered with; and wherein the controller (204) is configured to, when powered, cause the power control device (202) to cause the display (116) to change from a first state to a second state, wherein the first state indicates that the apparatus is authenticated and the second state indicates that the apparatus has been tampered with; and characterised in that the circuit breaker apparatus comprises a first RFID tag (220) attached to the apparatus, the first RFID tag containing authentication data therein; wherein the controller (204) is further configured to initialize the display (116) to the first state by: retrieving the authentication data from the first RFID tag (220); retrieving a key stored external to the apparatus; using the key to determine whether the authentication data retrieved from the first RFID tag (220) is valid; and upon determining that the authentication data retrieved from the first RFID tag (220) is valid, causing the power control device (202) to initialize the display (116) to the first state.
- The apparatus (100) of claim 1, wherein the power control device (202) comprises an energy storage device (208) that is configured to become sufficiently charged to power the controller (204) when the apparatus is being tampered with.
- The apparatus (100) of claim 2, wherein the energy storage device (208) is a capacitor.
- The apparatus (100) of any one of claims 1 to 3, further comprising a battery (214) and a switch (212), wherein the switch (212) is configured to connect the battery (214) to the power control device (204) when the apparatus is being tampered with.
- The apparatus (100) of any one of claims 2 to 4, further comprising a power harvester (124; 210) disposed inside the apparatus and configured to charge the energy storage device (208) when the apparatus is being tampered with.
- The apparatus (100) of claim 5, wherein the housing (110) comprises a plurality of sections and the power harvester (124; 210) is configured to charge the energy storage device (208) when the housing (110) is opened between any two of the plurality of sections of the housing (110).
- The apparatus (100) of any one of the preceding claims, wherein the first state of the display (116) comprises a state in which a message indicative of no tampering is displayed.
- The apparatus (100) of any one of the preceding claims, wherein the first state of the display (116) comprises a state in which a 2D barcode containing product information is displayed.
- The apparatus (100) of claim 7, wherein the second state of the display (116) comprises a state in which: a message displayed in the first state is erased; a blank screen is displayed; or a message indicating that the apparatus has been tampered with is displayed.
- The apparatus (100) of claim 9, wherein the display (116) is configured such that the message displayed in the first state or in the second state stays when the display (116) has no power.
- The apparatus (100) of any one of the preceding claims, wherein the controller (204) is configured to determine whether the apparatus has been tampered with before causing the power control device (202) to cause the display (116) to change from the first state to the second state, by: retrieving the authentication data from the first RFID tag (220); retrieving the key stored external to the apparatus; using the key to determine whether the authentication data retrieved from the first RFID tag (220) is valid; and upon determining that the authentication data retrieved from the first RFID tag (220) is invalid, determining that the apparatus has been tampered with.
- The apparatus (100) of any one of the preceding claims, further comprising a second RFID tag (222) containing authentication data therein and attached to the apparatus, wherein the controller (204) is further configured to initialize the display (116) to the first state by additionally: retrieving the authentication data from the second RFID tag (222); using the key to determine whether the authentication data retrieved from the second RFID tag (222) is valid; and upon determining that both the authentication data retrieved from the first RFID tag (222) is valid and the authentication data retrieved from the second RFID tag (222) is valid, causing the display (116) to initialize to the first state.
- The apparatus (100) of claim 12, wherein the first RFID tag (220) is attached to a cover (112) of the housing (110) and the second RFID tag (222) is attached to a base (114) of the housing (110).
- The apparatus (100) of claim 11, wherein: the first RFID tag (220) is an active RFID chip; and the power control device (202) is further configured to power the first RFID tag (220) when the apparatus is being tampered with.
- A method of detecting integrity of a circuit breaker (100), comprising: by a power control device (202) of the circuit breaker (100), providing power to a controller (204) of the circuit breaker (100) when the circuit breaker (100) is being tampered with; by the controller (204) of the circuit breaker (100), when powered, causing the power control device (202) to cause a display (116) to change from the first state to a second state, wherein the first state indicates that the circuit breaker (100) is authenticated and the second state indicates that the circuit breaker (100) has been tampered with; by the controller (204), initializing the display (116) attached to an outside surface of the circuit breaker (100) to a first state characterised by: retrieving authentication data from a first RFID tag (220) attached to the circuit breaker (100); retrieving a key stored external to the circuit breaker (100); using the key to determine whether the authentication data retrieved from the first RFID tag (220) is valid; and upon determining that the authentication data retrieved from the first RFID tag (220) is valid, causing the power control device (202) to initialize the display (116) to the first state.
- The method of claim 15, further comprising: by the controller (204), determining whether the circuit breaker (100) has been tampered with before causing the power control device (202) to cause the display (116) to change from the first state to the second state, by: retrieving the authentication data from the first RFID tag (220); retrieving the key stored external to the circuit breaker (100); using the key to determine whether the authentication data retrieved from the first RFID tag (220) is valid; and upon determining that the authentication data retrieved from the first RFID tag (220) is invalid, determining that the circuit breaker (100) has been tampered with.
- The method of claim 15 or 16, further comprising: by the controller (204), initializing the display (116) to the first state by additionally: retrieving authentication data from a second RFID tag (222) attached to the circuit breaker (100); using the key to determine whether the authentication data retrieved from the second RFID tag (222) is valid; and upon determining that both the authentication data retrieved from the first RFID tag (220) is valid and the authentication data retrieved from the second RFID tag (222) is valid, causing the display (116) to initialize to the first state.
- The method of any one of claims 15 to 17, further comprising: by the power control device (202), powering the first RFID tag (220) when the circuit breaker (100) is being tampered with.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/809,535 US10141128B1 (en) | 2017-11-10 | 2017-11-10 | Method and apparatus for authenticating and detecting circuit breaker integrity |
PCT/EP2018/025288 WO2019091599A1 (en) | 2017-11-10 | 2018-11-08 | Method and apparatus for authenticating and detecting circuit breaker integrity |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3707739A1 (en) | 2020-09-16 |
EP3707739B1 (en) | 2022-09-28 |
Family
ID=64315863
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18808222.6A Active EP3707739B1 (en) | 2017-11-10 | 2018-11-08 | Method and apparatus for authenticating and detecting circuit breaker integrity |
Country Status (4)
Country | Link |
---|---|
US (2) | US10141128B1 (en) |
EP (1) | EP3707739B1 (en) |
CN (2) | CN113345737B (en) |
WO (1) | WO2019091599A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USD633446S1 (en) * | 2009-02-06 | 2011-03-01 | Abb S.P.A. | Circuit breaker |
US10777376B2 (en) * | 2017-05-25 | 2020-09-15 | Abb Schweiz Ag | Method and system for hardware tamper detection and mitigation for solid state circuit breaker and its controller |
USD842257S1 (en) * | 2017-09-14 | 2019-03-05 | Eaton Intelligent Power Limited | Three phase bus mounted surge protection device |
US10756908B1 (en) | 2019-02-22 | 2020-08-25 | Beyond Identity Inc. | User authentication with self-signed certificate and identity verification |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5166862A (en) | 1990-09-28 | 1992-11-24 | Square D Company | Panel for mounting electronics |
US5493279A (en) * | 1993-03-24 | 1996-02-20 | Mas-Hamilton Group | Electronic combination lock with covert entry detection feature and method of covert entry detection |
US6844825B2 (en) * | 2000-09-25 | 2005-01-18 | Ekstrom Industries, Inc. | Electric energy service apparatus with tamper detection |
US7284708B2 (en) | 2005-08-23 | 2007-10-23 | Xerox Corporation | Card with rewriteable display |
US8116054B2 (en) * | 2006-12-29 | 2012-02-14 | General Electric Company | Universal rating plug for electronic trip unit |
ES2350656T3 (en) | 2007-06-06 | 2011-01-25 | Bticino S.P.A. | CIRCUIT SWITCH IN MOLDED BOX THAT INCLUDES A PROCESSING UNIT WITH DATA DISPLAY MEANS. |
US20110110171A1 (en) * | 2009-11-12 | 2011-05-12 | Em Microelectronic-Marin Sa | Powerless external event detection device |
US8519283B2 (en) * | 2010-01-20 | 2013-08-27 | Eaton Corporation | Cover assembly with electrical switching apparatus |
BR112013007861A8 (en) | 2010-10-01 | 2017-12-19 | Abb Schweiz Ag | DIP SWITCH CHANGE DETECTION ON A SELF-POWERED RELAY |
US20130023339A1 (en) * | 2011-07-20 | 2013-01-24 | Igt | Methods and apparatus for providing secure logon to a gaming machine using a mobile device |
US9106070B2 (en) * | 2013-03-06 | 2015-08-11 | Eaton Corporation | Display unit configured to display trip information and circuit interrupter including the same |
US9514899B2 (en) | 2014-12-29 | 2016-12-06 | Eaton Corporation | Control switch with integrated RFID tag |
US9418808B2 (en) | 2014-12-29 | 2016-08-16 | Eaton Corporation | RFID tag based state monitoring of contactors |
2017
- 2017-11-10 US US15/809,535 patent/US10141128B1/en active Active
2018
- 2018-10-25 US US16/170,150 patent/US11056290B2/en active Active
- 2018-11-08 EP EP18808222.6A patent/EP3707739B1/en active Active
- 2018-11-08 CN CN202110676207.0A patent/CN113345737B/en active Active
- 2018-11-08 WO PCT/EP2018/025288 patent/WO2019091599A1/en unknown
- 2018-11-08 CN CN201880070766.3A patent/CN111344826B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN113345737A (en) | 2021-09-03 |
CN111344826B (en) | 2021-07-02 |
EP3707739A1 (en) | 2020-09-16 |
CN113345737B (en) | 2022-08-26 |
US10141128B1 (en) | 2018-11-27 |
CN111344826A (en) | 2020-06-26 |
US20190148089A1 (en) | 2019-05-16 |
WO2019091599A1 (en) | 2019-05-16 |
US11056290B2 (en) | 2021-07-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20200603 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
INTG | Intention to grant announced |
Effective date: 20220712 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602018041199 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 1521792 Country of ref document: AT Kind code of ref document: T Effective date: 20221015 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20221228 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20220928 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20221229 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230130 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20230128 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230521 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602018041199 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20221130 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20221108 |
|
26N | No opposition filed |
Effective date: 20230629 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20221108 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20221130 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20231019 Year of fee payment: 6 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: IT Payment date: 20231019 Year of fee payment: 6 Ref country code: FR Payment date: 20231019 Year of fee payment: 6 Ref country code: DE Payment date: 20231019 Year of fee payment: 6 Ref country code: CH Payment date: 20231201 Year of fee payment: 6 Ref country code: AT Payment date: 20231023 Year of fee payment: 6 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220928 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20181108 |